Formal Validation of an Interlocking System for Large Railway Stations: A Case Study

The goal of this document is to define a case study in formal verification, based on a complex real-world application developed by Ansaldo Trasporti. The application, called ACC, is a highly programmable and scalable interlocking system for the control of large railway stations. In the case study, several features of the ACC are omitted in order to limit the complexity. However, the case study still retains a close similarity to the architecture of the ACC, and raises a number of problems relevant to the formal validation of the real system.

In this paper we propose a model-based decision procedure for common-sense temporal reasoning. This procedure exploits and enhances Lifschitz's work and his distinction between action language and query language, together with Clarke's work on symbolic model checking. In particular, it allows us to retain the full expressibility of the temporal formalism and, at the same time, to perform efficient reasoning and to scale up to very complex problems, comparable to or more complex than those dealt with by the current state-of-the-art planners.

Using non-fail-safe components in the implementation of safety-critical systems is desirable because of the extremely high cost of certified components. In order to enhance the safety of such systems, we adopt a solution based on the idea of verifying each single execution of the software running upon them. In particular, we consider the class of translation-based tools used in the development of safety-critical systems. In order to perform the verification in an automatic and efficient way, we follow an innovative approach, by distinguishing an off-line and an on-line verification phase. Each proof in the two phases is guaranteed correct thanks to the use of a logging-and-checking architecture for the tools used to generate them. We describe in detail the off-line and on-line logging-and-checking methodology, its application in the frame of an industrial project, and the ongoing logging-and-checking redesign of a state-of-the-art prover which we intend to use in future applications.